Authentication information control system, authentication information control method, and non-transitory computer-readable recording medium

ABSTRACT

A control unit issues temporary authentication information for disabling a locking/unlocking process to a user terminal satisfying a first condition. The control unit determines whether first authentication information has been issued to another user terminal, issues second authentication information to the user terminal to which the temporary authentication information has been issued when the first authentication information has not been issued to another user terminal, and issues the second authentication information to the user terminal to which the temporary authentication information has been issued with detection of ending of use of the first authentication information in another user terminal as a trigger when the first authentication information has been issued to the other user terminal.

INCORPORATION BY REFERENCE

The disclosure of Japanese Patent Application No. 2017-237785 filed onDec. 12, 2017 including the specification, drawings and abstract isincorporated herein by reference in its entirety.

BACKGROUND 1. Technical Field

The disclosure relates to an authentication information control system,an authentication information control method, and a non-transitorycomputer-readable recording medium that control a user's access to apredetermined area in a vehicle configured to be lockable/unlockable byissuance of authentication information for permitting locking andunlocking of the vehicle.

2. Description of Related Art

Recently, a trunk-sharing system in which a cargo compartment or apassenger compartment of a vehicle which is designated by a user is usedas a pickup and delivery place of a delivery object has been developedas means for efficiently performing pickup and delivery of a deliveryobject (baggage) between a user of a pickup and delivery service and adelivery company carrying out pickup and delivery. For example, JapaneseUnexamined Patent Application Publication No. 2006-206225 (JP2006-206225 A) has proposed a system that performs an authenticationprocess between a pickup and delivery communication device of a deliverycompany and a vehicle communication device mounted in a designatedvehicle and permits locking and unlocking of the designated vehicle whenthe authentication has succeeded at the time of pickup and delivery of adelivery object.

SUMMARY

In a system that performs pickup and delivery of baggage using a vehiclelike the trunk-sharing system, when one vehicle is used by a pluralityof users, the vehicle is often used on a subscription basis. That is, aplurality of users cannot often simultaneously use a vehicle.Accordingly, for example, in a trunk-sharing system, when a user of apickup and delivery service has designated a pickup and delivery timeperiod in a vehicle for one delivery company, other delivery companiesmay not perform pickup and delivery for the vehicle in the designatedpickup and delivery time period.

The disclosure provides a technique capable of contributing toimprovement in the degree of freedom in time of a user's access to apredetermined area in a vehicle configured to be lockable and unlockablein a system that controls the user's access to the predetermined area byissuance of authentication information for enabling locking andunlocking thereof.

The applicant has achieved the above-mentioned objective by controllingthe timing at which authentication information is issued such thattemporal restrictions of an access to a predetermined area in a vehicledecrease for each of a plurality of users who intends to access thepredetermined area in the vehicle.

More specifically, according to a first aspect of the disclosure, thereis provided an authentication information control system that controls auser's access to a predetermined area in a vehicle or a facility inwhich baggage is accommodated and which is lockable and unlockablethrough a locking/unlocking process using a locking/unlocking controldevice by issuing predetermined authentication information for enablingthe locking/unlocking process using the locking/unlocking control deviceto a user terminal of the user, the authentication information controlsystem including a control unit. The control unit is configured to issuetemporary authentication information for disabling the locking/unlockingprocess using the locking/unlocking control device to a user terminalsatisfying a first condition. The control unit is configured todetermine whether first authentication information has been issued toanother user terminal when a distance between the user terminal to whichthe temporary authentication information has been issued and the vehicleor the facility becomes less than a first distance, to issue secondauthentication information to the user terminal to which the temporaryauthentication information has been issued when the first authenticationinformation has not been issued to another user terminal, and to issuethe second authentication information to the user terminal to which thetemporary authentication information has been issued with detection ofending of use of the first authentication information in another userterminal as a trigger when the first authentication information has beenissued to the other user terminal.

Authentication information is issued to only a user terminal to whichthe temporary authentication information has been issued. Among aplurality of user terminals to which the temporary authenticationinformation has been issued, the authentication information can beissued to a user terminal which approaches the vehicle earlier.Accordingly, a user terminal can acquire the authentication informationat a time at which the user terminal approaches the vehicle withoutbeing temporarily restricted as long as the temporary authenticationinformation has been issued to the user terminal, and it is thuspossible to improve a degree of freedom in time of a user's access to apredetermined area in the vehicle. For example, in a pickup and deliverytime period such as a time period of 12:00 to 14:00, when the firstauthentication information is issued to a user terminal to which thetemporary authentication information has been issued but use of thefirst authentication information in the user terminal ends, the secondauthentication information can be issued to another user terminal towhich the temporary authentication information has been issued. That is,when there is a plurality of user terminals to which the temporaryauthentication information has been issued in a pickup and delivery timeperiod, authentication information can be sequentially issued to one ormore user terminals in the pickup and delivery time period and thus, forexample, a user who requests pickup and delivery of baggage candesignate one pickup and delivery time period and request pickup anddelivery of a plurality of pieces of baggage.

For example, when a use is a pickup and delivery user who picks up anddelivers baggage, the first condition is that it is the day of ascheduled pickup and delivery day of baggage or the day before or thatthe distance between the vehicle and the user terminal is less than apredetermined distance. The predetermined distance in the firstcondition is, for example, a distance which is larger than the firstdistance.

By issuing the temporary authentication information to a user terminalsatisfying the first condition and issuing the authenticationinformation to only the user terminal to which the temporaryauthentication information has been issued, it is possible to manage orcontrol the number of user terminals which can access a predeterminedarea in the vehicle by days or hours.

The first distance is, for example, a predetermined distance at which auser can access the vehicle and a distance by which a user terminal canperform predetermined short-range radio communication. The predeterminedshort-range radio communication is used, for example, to transmitauthentication information to a locking/unlocking control device mountedin the vehicle. That is, when a user arrives at the vehicle and is goingto access a predetermined area in the vehicle, the authenticationinformation is issued to the user terminal and the user can smoothlyaccess the predetermined area in the vehicle.

In the aspect, the control unit may be configured not to perform aprocess of invalidating the second authentication information on theuser terminal until a predetermined time elapses after ending of use ofthe second authentication information in the user terminal has beendetected. In this configuration, the user terminal may invalidate anunlocking process using the locking/unlocking control device andvalidate a locking process in a period of time from detection of endingof use of the second authentication information in the user terminal toexecution of the process of invalidating the second authenticationinformation. Ending of use of the second authentication information inthe user terminal is detected, for example, when the validity period ofthe second authentication information expires and when a predeterminedoperation indicating ending of use of the second authenticationinformation is input to the user terminal by the user.

Until a predetermined time elapses after ending of use of the secondauthentication information in the user terminal has been detected, theuser terminal cannot unlock the predetermined area in the vehicle butcan lock the predetermined area. Accordingly, for example, even after apredetermined operation indicating ending of use of the secondauthentication information is input to the user terminal in a state inwhich the user has forgotten to lock the predetermined area in thevehicle, the user can lock the predetermined area in the vehicle and itis thus possible to maintain security of the vehicle.

In the aspect, the control unit may be configured to set a validityperiod of the second authentication information at the same time asissuing the second authentication information to the user terminal andto detect ending of use of the second authentication information in theuser terminal when the validity period expires. By setting the validityperiod in the second authentication information, it is possible toprevent one user terminal from exclusively owning the authenticationinformation for a long time.

In the aspect, the control unit may be configured to set a validityperiod of the temporary authentication information at the same time asissuing the temporary authentication information, and the control unitmay be configured to determine whether a time remaining until thevalidity period of the temporary authentication information expires isless than a predetermined time length when the distance between the userterminal to which the temporary authentication information has beenissued and the vehicle or the facility becomes less than the firstdistance, and not to issue the second authentication information to theuser terminal when the remaining time is less than the predeterminedtime length. Accordingly, it is possible to prevent one user terminalfrom exclusively using the authentication information over the validityperiod of the temporary authentication information and to preventacquisition of the authentication information by another user terminalfrom being hindered.

The authentication information control system according to the firstaspect of the disclosure may be constituted by one or more processorssuch as a computer. When the authentication information control systemis constituted by a plurality of processors, elements of theauthentication information control system are distributed to theplurality of processors and the processors realize the function of theauthentication information control system in cooperation with eachother.

According to a second aspect of the disclosure, there is provided anauthentication information control method of controlling a user's accessto a predetermined area in a vehicle or a facility in which baggage isaccommodated and which is lockable and unlockable through alocking/unlocking process using a locking/unlocking control device byissuing predetermined authentication information for enabling thelocking/unlocking process using the locking/unlocking control device toa user terminal of the user, the authentication information controlmethod including: issuing temporary authentication information fordisabling the locking/unlocking process using the locking/unlockingcontrol device to a user terminal satisfying a first condition;determining whether first authentication information has been issued toanother user terminal when a distance between the user terminal to whichthe temporary authentication information has been issued and the vehicleor the facility becomes less than a first distance; and issuing secondauthentication information to the user terminal to which the temporaryauthentication information has been issued when the first authenticationinformation has not been issued to another user terminal, and issuingthe second authentication information to the user terminal to which thetemporary authentication information has been issued with detection ofending of use of the first authentication information in another userterminal as a trigger when the first authentication information has beenissued to the other user terminal. The technical concept disclosed forthe authentication information control system in the above-mentioneddescription can also be applied to the authentication informationcontrol method unless a technical discrepancy is caused.

According to a third aspect of the disclosure, there is provided anon-transitory computer readable medium storing a program forcontrolling a user's access to a predetermined area in a vehicle or afacility in which baggage is accommodated and which is lockable andunlockable through a locking/unlocking process using a locking/unlockingcontrol device by issuing predetermined authentication information forenabling the locking/unlocking process using the locking/unlockingcontrol device to a user terminal of the user, the program causing acomputer to perform a method, the method including: issuing temporaryauthentication information for disabling the locking/unlocking processusing the locking/unlocking control device to a user terminal satisfyinga first condition; determining whether first authentication informationhas been issued to another user terminal when a distance between theuser terminal to which the temporary authentication information has beenissued and the vehicle or the facility becomes less than a firstdistance; and issuing second authentication information to the userterminal to which the temporary authentication information has beenissued when the first authentication information has not been issued toanother user terminal, and issuing the second authentication informationto the user terminal to which the temporary authentication informationhas been issued with detection of ending of use of the firstauthentication information in another user terminal as a trigger whenthe first authentication information has been issued to the other userterminal.

According to the above-mentioned aspects, it is possible to improve thedegree of freedom in time of a user's access to a predetermined area ina vehicle configured to be lockable and unlockable in a system thatcontrols the user's access to the predetermined area by issuance ofauthentication information for enabling locking and unlocking thereof.

BRIEF DESCRIPTION OF THE DRAWINGS

Features, advantages, and technical and industrial significance ofexemplary embodiments of the disclosure will be described below withreference to the accompanying drawings, in which like numerals denotelike elements, and wherein:

FIG. 1 is a diagram schematically illustrating a configuration of atrunk-sharing system including an authentication information controlsystem according to a first embodiment of the disclosure;

FIG. 2 is a diagram illustrating details of configurations of an onboarddevice, a user terminal, a central server, and a pickup and deliverymanagement server which constitute the trunk-sharing system illustratedin FIG. 1;

FIG. 3 is a diagram illustrating a data structure of pickup and deliveryinformation which is stored in the pickup and delivery managementserver;

FIG. 4 is a diagram illustrating a data structure of vehicle managementinformation which is stored in the pickup and delivery managementserver;

FIG. 5 is a diagram illustrating a data structure of issuance statusinformation which is stored in the central server;

FIG. 6 is a flowchart illustrating a temporary issuance control processwhich is performed by the central server according to the firstembodiment of the disclosure;

FIG. 7 is a flowchart illustrating a formal issuance control processwhich is performed by the central server according to the firstembodiment of the disclosure;

FIG. 8 is a flowchart illustrating a temporary key managing processwhich is performed by a user terminal of a pickup and delivery useraccording to the first embodiment of the disclosure;

FIG. 9 is a flowchart illustrating a formal key managing process whichis performed by a user terminal of a pickup and delivery user accordingto the first embodiment of the disclosure;

FIG. 10A is a diagram illustrating an example of a process sequence in aspecific example of authentication information issuance control which isperformed by the central server;

FIG. 10B is a diagram illustrating an example of a process sequence in aspecific example of authentication information issuance control which isperformed by the central server;

FIG. 11 is a flowchart illustrating a temporary issuance control processwhich is performed by a central server according to a modified exampleof the disclosure; and

FIG. 12 is a flowchart illustrating a formal issuance control processwhich is performed by a central server according to a modified exampleof the disclosure.

DETAILED DESCRIPTION OF EMBODIMENTS

Hereinafter, a specific embodiment of the disclosure will be describedwith reference to the accompanying drawings. Configurations described inthe following embodiment are not intended to limit a technical scope ofthe present disclosure to the configurations unless describedparticularly.

First Embodiment System Configuration

FIG. 1 is a diagram schematically illustrating a configuration of atrunk-sharing system 1 according to a first embodiment. Thetrunk-sharing system 1 is a system for realizing a pickup and deliveryservice using a cargo compartment as a pickup and delivery place byallowing a person who requests pickup and delivery work of a deliveryobject (baggage) and a person who performs the pickup and delivery workof the requested delivery object to commonly use (share) the cargocompartment of a vehicle 10 which is designated by a requester.Accordingly, a “person who requests pickup and delivery work of adelivery object” and a “person who performs pickup and delivery work ofa delivery object” are users who use a cargo compartment of a vehicle,and the former is referred to as a “request user” and the latter isreferred to as a “pickup and delivery user” to distinguish both personsfrom each other. The cargo compartment is a predetermined area in avehicle 10 which can accommodate baggage to be picked up and deliveredand which is configured to be locked and unlocked by an onboard device10A as will be described later. The cargo compartment may be, forexample, an area which is partitioned from a passenger compartment inwhich a driver or the like of the vehicle 10 sits such that the cargocompartment and the passenger compartment cannot be accessed from eachother. The cargo compartment of the vehicle 10 is defined as a trunk inthe first embodiment. An area which can be used as a pickup and deliveryplace of baggage is not limited to the trunk, and may be, for example, apassenger seat or a rear seat in the passenger compartment. The cargocompartment of the vehicle 10 is an example of a predetermined area inthe claims.

In the example illustrated in FIG. 1, the trunk-sharing system 1includes an onboard device 10A that is installed in a vehicle 10, a userterminal 200 of a pickup and delivery user, a user terminal 50 of arequest user, a central server 400, and pickup and delivery managementservers 500A and 500B. The onboard device 10A, the user terminal 200,the user terminal 50, the central server 400, and the pickup anddelivery management servers 500A and 500B are connected to each othervia a network N1. The network N1 may be, for example, a global publiccommunication network such as the Internet, and a wide area network(WAN) or other communication networks may be employed. The network N1may include a telephone communication network of mobile phones and thelike and a radio communication network such as WiFi. The onboard device10A is connected to the user terminal 200 of a pickup and delivery uservia a network N2 including a short-range radio communication network orthe like. For example, the trunk-sharing system 1 includes two pickupand delivery management servers 500A and 500B, but may include three ormore pickup and delivery management servers. When the pickup anddelivery management servers are collectively mentioned in the followingdescription, 500 is used as a reference sign thereof.

The pickup and delivery management server 500 receives registration ofan article to be picked up and delivered (hereinafter also referred toas a “pickup and delivery baggage”) from a user terminal 50 of a requestuser. For example, when an article purchased from a product purchasesite opened by an electronic transaction provider is delivered as pickupand delivery baggage by the pickup and delivery user, the request usercan register pickup and delivery information on the pickup and deliverybaggage in the pickup and delivery management server 500 through anapplication for using a service using the trunk-sharing system 1(hereinafter also referred to as a predetermined application) which isinstalled in the user terminal 50 of the request user. The pickup anddelivery information includes identification information of the requestuser and schedule information of pickup and delivery as illustrated inFIG. 3 which will be described later. In the pickup and deliverymanagement server 500, the identification information of the requestuser is correlated in advance with a vehicle 10 correlated with therequest user, and the pickup and delivery information can also includeinformation of a selected pickup and delivery place when the pickup anddelivery place to be used is selected from candidates of pickup anddelivery places including the vehicle 10 associated with a user (therequest user) by the request user. In the following description, it isassumed that the pickup and delivery place of the request user is set toa vehicle 10. The pickup and delivery information further includesinformation on a status of pickup and delivery baggage. An example ofthe status information is information on whether pickup and delivery ofpickup and delivery baggage has been completed or the like.

It is assumed that the pickup and delivery management server 500A andthe pickup and delivery management server 500B illustrated in FIG. 1 aremanaged by different delivery companies. Accordingly, pickup anddelivery of pickup and delivery baggage based on the pickup and deliveryinformation which is managed by the pickup and delivery managementserver 500A is performed by a delivery company other than the deliverycompany that performs pickup and delivery of pickup and delivery baggagebased on the pickup and delivery information managed by the pickup anddelivery management server 500B. When pickup and delivery usersbelonging to the delivery companies that manage the pickup and deliverymanagement servers 500A and 500B are distinguished from each other, itis assumed in the following description that a suffix is added theretolike a pickup and delivery user A and a pickup and delivery user B.Similarly, when user terminals 200 carried by the pickup and deliveryusers are distinguished, it is assumed in the following description thata suffix is added thereto like a user terminal 200A and a user terminal200B.

When a request for pickup and delivery of baggage is received from auser terminal 50 of a request user and a pickup and delivery placethereof is a vehicle 10, the pickup and delivery management server 500requests the central server 400 to issue authentication information forlocking/unlocking a cargo compartment of the vehicle 10 in which thepickup and delivery baggage is accommodated to a user terminal 200 of apickup and delivery user. In this embodiment, the request is transmittedwith a request from the user terminal 200 of the pickup and deliveryuser as a trigger. The central server 400 transmits authenticationinformation for the vehicle 10 correlated with the identificationinformation of the request user to the user terminal 200 of the pickupand delivery user via the pickup and delivery management server 500based on the identification information of the request user included inthe pickup and delivery information. The pickup and delivery user canaccess the cargo compartment of the vehicle 10 to deliver and pick upthe pickup and delivery baggage by locking/unlocking the cargocompartment of the vehicle 10 using the authentication informationacquired by the user terminal 200. Here, the authentication informationis digital information which is used to allow an onboard device 10A toperform a locking/unlocking process for the cargo compartment of thevehicle 10 by being transmitted from the user terminal 200 to theonboard device 10A by short-range radio communication and beingsubjected to an authentication process by the onboard device 10A. Thelocking/unlocking process for the cargo compartment of the vehicle 10 isa process of locking/unlocking a door of the cargo compartment of thevehicle 10 in which pickup and delivery baggage is accommodated throughthe onboard device 10A of which details will be described later.

FIG. 2 is a block diagram schematically illustrating configurations ofan onboard device 10A, a user terminal 200 of a pickup and deliveryuser, a user terminal 50 of a request user, the pickup and deliverymanagement server 500, and the central server 400 which constitute thetrunk-sharing system 1. The hardware configurations and the functionalconfigurations of the onboard device 10A, the user terminal 200 of apickup and delivery user, the user terminal 50 of a request user, thepickup and delivery management server 500, and the central server 400will be described below with reference to FIG. 2.

The onboard device 10A is an example of a locking/unlocking controldevice in the claims and includes a key unit 100 and a locking/unlockingdevice 300. The key unit 100 includes the same radio interface as anelectronic key (hereinafter referred to as a portable unit) of a smartkey, and can perform locking and unlocking of a cargo compartment or apassenger compartment of a vehicle 10 (hereinafter may be simplyreferred to as “locking and unlocking of a vehicle 10” when the cargocompartment and the passenger compartment do not need to bedistinguished) without using any physical key by communication with theexisting locking/unlocking device 300 of the onboard device 10A. The keyunit 100 performs short-range radio communication with the user terminal200 of a pickup and delivery user and determines whether it serves as anelectronic key of the vehicle 10 based on the result of anauthentication process for the user terminal 200 of the pickup anddelivery user.

The user terminal 200 of a pickup and delivery user receivesauthentication information for locking and unlocking the cargocompartment, which is issued by the central server 400, via the pickupand delivery management server 500 as described above when accessing thecargo compartment of the vehicle 10 for delivering and picking up pickupand delivery baggage. Then, the user terminal 200 of the pickup anddelivery user transmits the authentication information to the key unit100, and the key unit compares the received authentication informationwith authentication information stored in advance in the key unit 100.When the authentication process succeeds, the user terminal 200 isauthenticated as a terminal that rightly operates the onboard device10A. When the user terminal 200 is authenticated, the key unit 100transmits a key ID of the vehicle 10, which is stored in advance in thekey unit 100 and correlated with the authentication information, to thelocking/unlocking device 300 along with a locking/unlocking signal. Thelocking/unlocking device 300 locks or unlocks the vehicle 10 when thekey ID received from the key unit 100 coincides with a key ID stored inadvance in the locking/unlocking device 300. The key unit 100 and thelocking/unlocking device 300 operate with electric power supplied from abattery mounted in the vehicle 10. The key ID stored in advance in thekey unit 100 may be encrypted with the authentication information. Inthis case, the key unit 100 can decrypt the key ID with theauthentication information and transmit the key ID to thelocking/unlocking device 300 when the authentication process for theuser terminal 200 of the pickup and delivery user succeeds.

Details of the locking/unlocking device 300 will be described below. Thelocking/unlocking device 300 is a device that locks and unlocks a doorof a passenger compartment or a cargo compartment of a vehicle 10. Forexample, the locking/unlocking device 300 may lock and unlock the doorof the vehicle 10 in accordance with a locking signal and an unlockingsignal which are transmitted from a portable unit corresponding to thevehicle 10 using radio waves of a radio frequency (hereinafter referredto as RF) band. The locking/unlocking device 300 also has a function oftransmitting radio waves of a low frequency (hereinafter referred to asLF) band for detecting the portable unit.

In this embodiment, the key unit 100 instead of the portable unitcontrols locking and unlocking of the door of the vehicle 10 bytransmitting and receiving radio waves of an RF band and an LF band toand from the locking/unlocking device 300. In the following description,unless otherwise mentioned, the communication destination of thelocking/unlocking device 300 is limited to the key unit 100.

The locking/unlocking device 300 includes an LF transmitter 301, an RFreceiver 302, a comparison ECU 303, a body ECU 304, and a door lockactuator 305. The LF transmitter 301 is means that transmits radio wavesof an LF band (for example, 100 KHz to 300 KHz) for detecting (polling)the key unit 100. The LF transmitter 301 is incorporated, for example,into a center console or in the vicinity of a steering wheel in thepassenger compartment. The RF receiver 302 is means that receives radiowaves of an RF band (for example, 100 MHz to 1 GHz) transmitted from thekey unit 100. The RF receiver 302 is incorporated at any location in thepassenger compartment.

The comparison ECU 303 is a computer that performs control for lockingand unlocking the door of the passenger compartment or the cargocompartment of the vehicle 10 based on a signal (a locking signal or anunlocking signal) transmitted from the key unit 100 using radio waves ofan RF band. The comparison ECU 303 is constituted, for example, by amicrocomputer. In the following description, the locking signal and theunlocking signal are collectively referred to as a locking/unlockingsignal. The term, locking/unlocking signal, represents at least one ofthe locking signal and the unlocking signal.

The comparison ECU 303 authenticates whether the locking/unlockingsignal transmitted from the key unit 100 is transmitted from a rightfuldevice. Specifically, the comparison ECU 303 determines whether the keyID included in the locking/unlocking signal coincides with the key IDstored in advance in a storage unit (not illustrated) of the comparisonECU 303. Then, the comparison ECU 303 transmits an unlocking command ora locking command to the body ECU 304 based on the determination result.The unlocking command or the locking command is transmitted via anonboard network such as a controller area network (CAN).

The door lock actuator 305 is an actuator that locks and unlocks thedoor of the vehicle 10 (such as a passenger compartment door which isopened and closed at the time of getting into and out of the passengercompartment as an interior space or a cargo compartment door which isopened and closed at the time of loading baggage in the cargocompartment). The door lock actuator 305 operates based on a signaltransmitted from the body ECU 304. The door lock actuator 305 may beconfigured to independently lock and unlock the passenger compartmentdoor and the cargo compartment door of the vehicle 10.

The body ECU 304 is a computer that executes body control of the vehicle10. The body ECU 304 has a function of simultaneously or independentlyperforming unlocking and locking of the passenger compartment door orthe cargo compartment door of the vehicle 10 by controlling the doorlock actuator 305 based on the unlocking command or the locking commandreceived from the comparison ECU 303. The comparison ECU 303 and thebody ECU 304 may be embodied as a single body.

The key unit 100 will be described now. The key unit 100 is a devicethat is disposed at a predetermined position (for example, inside aglove box) in the passenger compartment of the vehicle 10. The key unit100 has a function of authenticating a user terminal 200 by performingshort-range radio communication with the user terminal 200 of a pickupand delivery user or the like and a function of transmitting thelocking/unlocking signal using radio waves of an RF band based on theauthentication result. The key unit 100 includes an LF receiver 101, anRF transmitter 102, a short-range communication unit 103, and a controlunit 104.

The LF receiver 101 is means that receives a polling signal transmittedfrom the locking/unlocking device 300 using radio waves of an LF band.The LF receiver 101 includes an antenna for receiving radio waves of anLF band (hereinafter referred to as an LF antenna). The RF transmitter102 is means that transmits a locking/unlocking signal to thelocking/unlocking device 300 using radio waves of an RF band.

The short-range communication unit 103 is means that communicates with auser terminal 200 of a pickup and delivery user. The short-rangecommunication unit 103 performs communication in a short range (at adistance at which communication can be performed between the interiorand the exterior of the vehicle) using a predetermined radiocommunication standard. In this embodiment, the short-rangecommunication unit 103 performs data communication based on a Bluetooth(registered trademark) Low Energy standard (hereinafter referred to asBLE). BLE is a low-energy communication standard using Bluetooth, and ischaracterized in that communication can be started immediately when acommunication partner is detected without requiring pairing betweendevices. When the short-range communication unit 103 performs datacommunication based on BLE, a communicable range is a range of aboutseveral m to 10 in from the short-range communication unit 103 (the keyunit 100). In this embodiment, BLE is exemplified, but another radiocommunication standard can also be used. For example, near fieldcommunication (NFC), ultra wideband (UWB), or WiFi (registeredtrademark) may be used.

The control unit 104 is a computer that performs short-range radiocommunication with a user terminal 200 of a pickup and delivery user viathe short-range communication unit 103 and performs control forauthenticating the user terminal 200 and control for transmitting alocking/unlocking signal based on the authentication result. The controlunit 104 is constituted, for example, by a microcomputer.

The control unit 104 includes a storage unit 1041 and an authenticationunit 1042. A control program for controlling the key unit 100 is storedin the storage unit 1041. The control unit 104 may realize variousfunctional units including the authentication unit 1042 by causing a CPUwhich is not illustrated to execute the control program stored in thestorage unit 1041. For example, the control unit 104 realizes a functionof receiving a polling signal transmitted as radio waves of an LF bandfrom the locking/unlocking device 300 via the LF receiver 101, afunction of transmitting a locking/unlocking signal as radio waves of anRF band to the locking/unlocking device 300 via the RF transmitter 102,a function of processing communication with the user terminal 200 of apickup and delivery user which is performed by the short-rangecommunication unit 103, and a function of generating a locking/unlockingsignal when authentication of the user terminal 200 of a pickup anddelivery user by the authentication unit 1042 has succeeded.

The authentication unit 1042 authenticates the user terminal 200 basedon authentication information included in a locking request or anunlocking request (hereinafter collectively referred to as alocking/unlocking request) transmitted from the user terminal 200 of apickup and delivery user. Specifically, the authentication unit 1042compares the authentication information transmitted from the userterminal 200 of a pickup and delivery user with the authenticationinformation stored in the storage unit 1041 and determines that theauthentication has succeeded when they satisfy a predeterminedrelationship. When both pieces of authentication information do notsatisfy the predetermined relationship, the authentication unit 1042determines that the authentication has failed. Here, the predeterminedrelationship includes a case in which the authentication informationstored in the storage unit 1041 coincides with the authenticationinformation transmitted from the user terminal 200 of a pickup anddelivery user, a case in which results of predetermined processes suchas encryption and decryption using the two pieces of authenticationinformation coincide with each other, and a case in which a result ofdecryption on one of the two pieces of authentication informationcoincides with that on the other thereof.

When the authentication of the user terminal 200 of a pickup anddelivery user by the authentication unit 1042 has succeeded, alocking/unlocking signal generated in response to a request receivedfrom the user terminal 200 is transmitted to the locking/unlockingdevice 300 via the RF transmitter 102. In the following description, theauthentication information stored in the key unit 100 is referred to asdevice authentication information and the authentication informationtransmitted from the user terminal 200 of a pickup and delivery user isreferred to as terminal authentication information, if necessary.

The key unit 100 transmits the key ID along with the locking/unlockingsignal to the locking/unlocking device 300. The key ID may be stored inthe key unit 100 in a plaintext state in advance or may be stored in astate in which it is encrypted using a cipher specific to the userterminal 200 of a pickup and delivery user. When the key ID is stored inthe encrypted state, the encrypted key ID may be decrypted using theauthentication information transmitted from the user terminal 200 of apickup and delivery user to acquire the original key ID.

In this way, the onboard device 10A performs a sequence of processes ofperforming the authentication process using the key unit 100, operatingthe locking/unlocking device 300, and locking or unlocking the passengercompartment or the cargo compartment of the vehicle 10 with theauthentication information transmitted from the user terminal 200 as atrigger. This sequence of processes is a locking/unlocking process bythe onboard device 10A and is an example of a locking/unlocking processby a locking/unlocking control device in the claims.

The user terminal 200 of a pickup and delivery user will be describednow. The user terminal 200 is a small portable computer such as asmartphone, a mobile phone, a tablet terminal, a personal informationterminal, or a wearable computer (such as a smart watch). The userterminal 200 may be a personal computer (PC) that is connected to thepickup and delivery management server 500 via the network N1 such as theInternet which is a public communication network. The user terminal 200of a pickup and delivery user includes a short-range communication unit201, a communication unit 202, a control unit 203, and an input andoutput unit 204.

The short-range communication unit 201 is means that performs radiocommunication with the key unit 100 using the same radio communicationstandard as that of the short-range communication unit 103 of the keyunit 100. A network which is set up between the short-rangecommunication unit 201 and the key unit 100 is illustrated as N2 inFIG. 1. The communication unit 202 is communication means that connectsthe user terminal 200 to the network N1. In this embodiment, the userterminal 200 can communicate with another device (for example, thepickup and delivery management server 500) via the network N1 using amobile communication service such as 3G (3^(rd) Generation) or LTE (LongTerm Evolution).

The control unit 203 is a computer that takes charge of control of theuser terminal 200. The control unit 203 performs, for example, a processof acquiring the terminal authentication information, a process ofgenerating a locking/unlocking request including the acquired terminalauthentication information, a process of transmitting the generatedlocking/unlocking request to the key unit 100, and the like. The controlunit 203 is constituted, for example, by a microcomputer, and thefunctions of performing the above-mentioned processes are realized bycausing a CPU (not illustrated) to execute a program stored in storagemeans (such as a ROM) (not illustrated).

In the control unit 203, an authentication information managing unit2031 and a locking/unlocking control unit 2032 are embodied asfunctional units by causing the CPU to execute a program. Thelocking/unlocking control unit 2032 performs an interaction with apickup and delivery user via the input and output unit 204. The inputand output unit 204 is means that receives an input operation which hasbeen performed by the pickup and delivery user and presents informationto the pickup and delivery user. Specifically, the input and output unit204 includes a touch panel and control means thereof and a liquidcrystal display and control means thereof. The touch panel and theliquid crystal display are constituted as a single touch panel displayin this embodiment.

The locking/unlocking control unit 2032 displays an operation screen onthe input and output unit 204 and generates a locking request or anunlocking request based on an operation which has been performed by thepickup and delivery user. For example, the locking/unlocking controlunit 2032 outputs an icon for unlocking, an icon for locking, and thelike to the touch panel display and generates an unlocking request or alocking request based on the operation which has been performed by thepickup and delivery user. The operation which is performed by the pickupand delivery user is not limited to an operation using the touch paneldisplay. For example, the operation may be performed using a hardwareswitch.

In this embodiment, the central server 400 issues temporary keyinformation and formal key information to the user terminal 200. Theauthentication information managing unit 2031 manages the temporary keyinformation and the formal key information issued by the central server400. The temporary key information is transmitted from the centralserver 400 to the user terminal 200 via the pickup and deliverymanagement server 500, for example, before a business start time of ascheduled pickup and delivery date on which a pickup and delivery usercarrying the user terminal 200 performs pickup and delivery of baggagein the vehicle 10. The temporary key information is, for example, anaccess authority to the vehicle 10, and the temporary key informationhas to be owned for acquiring the formal key information. The temporarykey information is not authentication information for locking orunlocking the cargo compartment of the vehicle 10 and the cargocompartment of the vehicle 10 cannot be locked nor unlocked using thetemporary key information. The temporary key information is an exampleof temporary authentication information in the claims.

The temporary key information includes, for example, information (forexample, a flag) indicating that it is temporary key information. Alongwith the temporary key information, for example, identificationinformation of a request user, identification information of baggage, avalidity period of the temporary key information, and information whichis used for short-range communication with the key unit 100 of thevehicle 10 are transmitted to the user terminal 200. The informationwhich is used for short-range communication with the key unit 100 of thevehicle 10 may be included in the temporary key information. Separatelyfrom the temporary key information, pickup and delivery information onbaggage to be picked up or delivered illustrated in FIG. 3 which will bedescribed later and vehicle management information of the vehicle 10which is a pickup and delivery place illustrated in FIG. 4 which will bedescribed later are transmitted from the pickup and delivery managementserver 500 to the user terminal 200. For example, at the time at whichthe temporary key information transmitted from the central server 400 isreceived by the user terminal 200, the authentication informationmanaging unit 2031 stores the received temporary key information instorage means (not illustrated) of the user terminal 200. Thereafter,for example, at the time at which a temporary key informationinvalidation instruction transmitted from the central server 400 byexecution of a temporary key information invalidating process isreceived, the authentication information managing unit 2031 deletes thetemporary key information from the storage means.

The authentication information managing unit 2031 performs a process ofacquiring formal key information from the central server 400. The formalkey information is terminal authentication information which is used forthe key unit 100 to authenticate the user terminal 200. The formal keyinformation (the terminal authentication information) is different frominformation (a key ID) which is used for the locking/unlocking device300 to authenticate the key unit 100. The terminal authenticationinformation which is used for the key unit 100 to authenticate the userterminal 200 is, for example, authentication information correspondingto authentication information specific to the key unit 100 mounted inthe vehicle 10. The formal key information is an example ofpredetermined authentication information in the claims.

In this embodiment, when setup of connection with the key unit 100 viathe network N2 using the short-range communication unit 201 is detected,the authentication information managing unit 2031 transmits a formal keyinformation issuance request to the central server 400 via the pickupand delivery management server 500 using the communication unit 202. Thesetup of connection to the key unit 100 via the network N2 using theshort-range communication unit 201 means, for example, that a radiosignal such as a beacon signal emitted from the short-rangecommunication unit 103 of the key unit 100 is received with a receivingintensity of radio waves equal to or greater than a predeterminedthreshold value.

The formal key information issuance request includes the identificationinformation of the user terminal 200 and a signal for requestingissuance of terminal authentication information specific to the key unit100. The central server 400 having received the formal key informationissuance request transmits formal key information including terminalauthentication information specific to the key unit 100 mounted in thevehicle 10 to the user terminal 200. Accordingly, the user terminal 200can perform an operation of unlocking the vehicle 10. When the userterminal 200 does not store the terminal authentication information, alocking operation and an unlocking operation on the operation screen onthe vehicle 10 is not possible.

In this embodiment, the formal key information acquired by the userterminal 200 may be a one-time key. For example, at the time at whichthe formal key information transmitted from the central server 400 isreceived by the user terminal 200, the authentication informationmanaging unit 2031 stores the formal key information in the storagemeans (not illustrated) of the user terminal 200. Thereafter, forexample, at the time at which an invalidation instruction is receivedthrough execution of a formal key information invalidating process bythe central server 400, the authentication information managing unit2031 deletes the formal key information from the storage means.

The times at which the temporary key information and the formal keyinformation stored in the storage means of the user terminal 200 aredeleted are not limited to the above-mentioned examples. For example, atthe time at which a predetermined time has elapsed from a time point atwhich the user terminal 200 has received the temporary key informationand the formal key information transmitted from the central server 400or a time point at which the central server 400 has transmitted thetemporary key information and the formal key information to the userterminal 200, the temporary key information and the formal keyinformation stored in the storage means of the user terminal 200 may bedeleted. The terminal authentication information included in the formalkey information is not limited to the above-mentioned one-time key, andmay be a limited key which is valid in only a predetermined time period.It is assumed that device authentication information corresponding tothe terminal authentication information is stored in advance in the keyunit 100 regardless of whether the terminal authentication informationis a one-time key or a limited key.

The user terminal 50 of a request user will be described below.Similarly to the user terminal 200, the user terminal 50 may be, forexample, a small computer such as a smartphone, a mobile phone, a tabletterminal, a personal information terminal, or a wearable computer (suchas a smart watch) or may be a personal computer (PC). The user terminal50 of a request user includes a communication unit 51, a control unit52, and an input and output unit 53.

The communication unit 51 is communication means for connection to thenetwork N1, which is functionally the same as the communication unit202. The control unit 52 is a computer that takes charge of control ofthe user terminal 50. The control unit 52 is constituted, for example,by a microcomputer, and functions of performing various processes arerealized by causing a CPU (not illustrated) to execute a program storedin storage means (such as a ROM) (not illustrated). For example, thecontrol unit 52 executes a predetermined application, and requests thepickup and delivery management server 500 of a predetermined deliverycompany to pick up and deliver pickup and delivery baggage via the inputand output unit 53. The input and output unit 53 is means that receivesan input operation which has been performed by a request user andprovides information to the request user, which is functionally the sameas the input and output unit 204.

In FIG. 2, the user terminal 50 does not explicitly have an elementcorresponding to the short-range communication unit 201, but may includesuch an element, and the user terminal 50 may be configured to operatethe locking/unlocking device 300 by causing the control unit 52 toperform a process of acquiring terminal authentication information fromthe central server 400 and transmitting the acquired terminalauthentication information to the key unit 100 by short-range radiocommunication.

The pickup and delivery management server 500 will be described now. Thepickup and delivery management server 500 has a general configuration ofa computer and, at least one pickup and delivery management server isprovided as a management server of each delivery company when aplurality of delivery companies participates in the trunk-sharing system1. The pickup and delivery management server 500 is, for example, acomputer including a processor (not illustrated) such as a centralprocessing unit (CPU) or a digital signal processor (DSP), a mainstorage unit (not illustrated) such as a random access memory (RAM) anda read only memory (ROM), and an auxiliary storage unit (notillustrated) such as an erasable programmable ROM (EPROM), a hard diskdrive (HDD), and a removable medium. The removable medium is, forexample, a universal serial bus (USB) memory or a disk recording mediumsuch as a compact disc (CD) or a digital versatile disc (DVD). Anoperating system (OS), various programs, various tables, and the likeare stored in the auxiliary storage unit, and functions matching apredetermined purpose can be realized by loading a program storedtherein into a work area of the main storage unit, executing the loadedprogram, and controlling the constituent units through execution of theprogram.

The pickup and delivery management server 500 includes a communicationunit 501. The communication unit 501 is connected to another device andperforms communication between the pickup and delivery management server500 and the other device (for example, the central server 400 or theuser terminal 200). The communication unit 501 is, for example, a localarea network (LAN) interface board and a radio communication circuit forradio communication. The LAN interface board or the radio communicationcircuit is connected to the network N1 such as the Internet which is apublic communication network.

The pickup and delivery management server 500 includes a pickup anddelivery management database (DB) 503 that stores the above-mentionedpickup and delivery information. The pickup and delivery management DB503 is configured to store the pickup and delivery information in theauxiliary storage unit in which correlation between the request user andthe pickup and delivery information is performed. The pickup anddelivery management DB 503 is constructed by causing a program of adatabase management system (DBMS) which is executed by the processor tomanage data stored in the auxiliary storage unit. The pickup anddelivery management DB 503 is, for example, a relational database.

A structure of pickup and delivery information stored in the pickup anddelivery management DB 503 will be described below with reference toFIG. 3. FIG. 3 illustrates a table structure of pickup and deliveryinformation, and a pickup and delivery information table includes fieldsof request user ID, baggage ID, distinction between pickup and delivery,pickup and delivery date and time, pickup and delivery place, pickup anddelivery status, baggage properties, and pickup and delivery userterminal ID. Identification information for identifying a request useris input to the field of request user ID. Identification information foridentifying baggage to be picked up and delivered is input to the fieldof baggage ID. Information for specifying whether pickup and deliverybaggage is delivered or picked up by a pickup and delivery user is inputto the field of distinction between pickup and delivery. Informationindicating a scheduled pickup and delivery date and time of baggage isinput to the field of pickup and delivery date and time. For example,when there is a pickup and delivery date and time designated by therequest user, information indicating the desired pickup and deliverydate and time designated by the request user is input to the field ofpickup and delivery date and time. A pickup and delivery placedesignated by the request user from home and a vehicle of the requestuser is input to the field of pickup and delivery place. Informationindicating whether pickup and delivery of pickup and delivery baggagehas been completed by a pickup and delivery user is input to the fieldof pickup and delivery status. For example, “completed” is input whenthe pickup and delivery of pickup and delivery baggage has beencompleted, and “not completed” is input thereto when the pickup anddelivery has not been completed. Attributes information such as a weightand a size of pickup and delivery baggage is input to the field ofbaggage attributes. Identification information of the user terminal ofthe pickup and delivery user is input to the field of pickup anddelivery user terminal ID.

In the pickup and delivery management server 500, a control unit 502 isembodied as a functional unit by execution of a program by theprocessor. The control unit 502 performs management and control ofregistration and update of pickup and delivery information in the pickupand delivery management DB 503. For example, when a request userrequests pickup and delivery of pickup and delivery baggage using theuser terminal 50 thereof, the control unit 502 correlates theidentification information of baggage, the pickup and delivery date andtime, and the pickup and delivery place, and the like with theidentification information of the request user, generates pickup anddelivery information corresponding to the request user, and stores thegenerated pickup and delivery information in the pickup and deliverymanagement DB 503. The control unit 502 transmits a temporary keyinformation issuance request for the user terminal 200 of a pickup anddelivery user who is scheduled to deliver baggage to be delivered orpicked up to the central server 400, for example, at the time at whichthe baggage to be delivered in the pickup and delivery informationstored in the pickup and delivery management DB 503 arrives at adelivery center or at the time at which a pickup and delivery scheduleof baggage to be picked up is determined. The time at which thetemporary key information issuance request is issued is not limited tothe above-mentioned times, and temporary key information issuancerequests for baggage which has arrived at the delivery center or hasbeen requested for pickup in the meantime may be transmitted together,for example, once a day or once every several hours.

When change of information such as a pickup and delivery date and timeor a pickup and delivery place has been notified from the request userafter the pickup and delivery information has been generated, thecontrol unit 502 updates the pickup and delivery information storedtherein to correspond to the change. The control unit 502 may transmit anotification of change of information such as a pickup and delivery dateand time or a pickup and delivery place to the central server 400. Thecontrol unit 502 communicates with the user terminal 200 of a pickup anddelivery user via the communication unit 501 and also updatesinformation on the status of pickup and delivery baggage which isincluded in the pickup and delivery information. For example, thecontrol unit 502 receives status information (for example, informationindicating completion of pickup and delivery) input via the input andoutput unit 204 of the user terminal 200 by the pickup and delivery userfrom the user terminal 200 and updates the corresponding pickup anddelivery information.

Vehicle management information in which a request user and a vehicle 10as the corresponding pickup and delivery place are correlated is alsostored in the pickup and delivery management DB 503. The structure ofthe vehicle management information will be described below withreference to FIG. 4. FIG. 4 illustrates a table structure of the vehiclemanagement information, and a vehicle management information tableincludes a field of request user ID, a field of vehicle model, a fieldof vehicle color, and a field of vehicle number to which information (avehicle model, a vehicle color, and a vehicle number) for identifyingthe vehicle 10 is input such that a pickup and delivery user can detectthe vehicle 10 when the vehicle 10 has been selected as the pickup anddelivery place by the request user. The vehicle management informationtable also includes a field of vehicle position to which positioninformation on a position at which the vehicle 10 is located is input.The position information of the vehicle 10 may be acquired by an inputvia the user terminal 50 from the request user, or position informationof the vehicle 10 which is acquired by a data communication devicedisposed in the vehicle 10 and transmitted to the central server 400 maybe acquired from the central server 400.

The control unit 502 transmits a pickup and delivery instruction to thecorresponding user terminal 200 such that the pickup and delivery usercan pick up and deliver pickup and delivery baggage at the vehicle 10based on the pickup and delivery information and the vehicle managementinformation correlated with the request user ID. The pickup and deliveryinstruction may be transmitted to the user terminal 200 a plurality oftimes, not once. For example, pickup and delivery instructionsassociated with pickup and delivery on the next day may be transmittedtogether to the user terminals 200 of pickup and delivery users on theday before a scheduled pickup and delivery day and pickup and deliveryinstructions may be transmitted again on the current day of pickup anddelivery. When the pickup and delivery information has been updated, theupdated details are reflected therein at the time of transmission again.

One of the functional elements of the pickup and delivery managementserver 500 or some of the processes thereof may be embodied by anothercomputer connected to the network N1. A sequence of processes which areperformed by the pickup and delivery management server 500 may beimplemented in hardware or may be implemented in software.

The central server 400 will be described below. The central server 400has a general configuration of a computer, and a basic hardwareconfiguration thereof is the same as the pickup and delivery managementserver 500. Specifically, the central server 400 includes a processor, amain storage unit, and an auxiliary storage unit which are notillustrated. Accordingly, in the central server 400, functions matchinga predetermined purpose can be realized by causing the processor to loada program stored in the auxiliary storage unit into a work area of themain storage unit and to execute the loaded program and controlling theconstituent units or the like through execution of the program. Thecentral server 400 also includes a communication unit 401. Thecommunication unit 401 of the central server 400 is functionally thesame as the communication unit 501 of the pickup and delivery managementserver 500 and performs communication between the central server 400 andanother device (for example, the pickup and delivery management server500).

The central server 400 includes a user information DB 403, anauthentication information DB 404, and an issuance status information DB405 that store a variety of information in the auxiliary storage unit.Such databases (DB) are constructed by causing a program of a databasemanagement system which is executed by the processor to manage datastored in the auxiliary storage unit. The user information DB 403, theauthentication information DB 404, and the issuance status informationDB 405 are, for example, relational databases.

The user information DB 403 stores identification information of a userwho uses the vehicle 10 and a corresponding password. A user who usesthe vehicle 10 includes, for example, a pickup and delivery user whodelivers pickup and delivery baggage to the vehicle 10 or the like and arequest user who recovers the delivered pickup and delivery baggage.

The authentication information DB 404 stores, for example,authentication information for the vehicle 10 which corresponds to theterminal authentication information included in the formal keyinformation and predetermined information which is used for short-rangecommunication with the key unit 100 of the vehicle 10. Theauthentication information of the vehicle 10 is information which iscorrelated with the identification information (a key ID) for thevehicle 10. The information which is correlated with the identificationinformation (the key ID) for the vehicle 10 is, for example,identification information specific to the key unit 100 of the onboarddevice 10A. The authentication information DB 404 may store informationon a validity period (which includes a validity time period) of theauthentication information, whether the authentication information isinvalidated, and the like in addition to the authentication informationfor the vehicle 10. The predetermined information which is used forshort-range communication with the key unit 100 of the vehicle 10includes, for example, identification information of the key unit 100which is included in an advertising packet emitted from the key unit 100in BLE.

The issuance status information DB 405 stores issuance statusinformation indicating issuance statuses of temporary key informationand formal key information for a pickup and delivery user who isscheduled to pick up and deliver pickup and delivery baggage of which apickup and delivery place is designated as the vehicle 10. The structureof issuance status information stored in the issuance status informationDB 405 will be described below with reference to FIG. 5. FIG. 5illustrates a table structure of the issuance status information, and anissuance status information table includes fields of request user ID,baggage ID, pickup and delivery date and time, key issuance status,delivery company ID, and pickup and delivery user terminal ID.

The same values as the fields in the pickup and delivery informationtable stored in the pickup and delivery management DB 503 are input tothe field of request user ID, the field of baggage ID, the field ofpickup and delivery date and time, and the field of pickup and deliveryuser terminal ID. Identification information of a delivery company isinput to the field of delivery company ID. Information indicating one of“during temporary issuance,” “during waiting for formal issuance,” and“during formal issuance” which indicate issuance statuses of thetemporary key information and the formal key information is input to thefield of key issuance status. The status of “during temporary issuance”is a status indicating that temporary key information has been issued tothe user terminal 200 of a pickup and delivery user corresponding to thecorresponding baggage. The status of “during waiting for formalissuance” is a status indicating that a formal key information issuancerequest from the user terminal 200 of a pickup and delivery usercorresponding to the corresponding baggage is suspended. The state of“during formal issuance” is a status indicating that formal keyinformation has been issued to the user terminal 200 of a pickup anddelivery user corresponding to the corresponding baggage.

The issuance status information in the issuance status information DB405 is deleted from the issuance status information DB 405, for example,when the validity period of the temporary key information expires orwhen a scheduled delivery date of a target baggage expires.

In the central server 400, a control unit 402 is embodied as afunctional unit by causing the processor to execute a program. Thecontrol unit 402 performs control associated with issuance ofauthentication information to the user terminal 200 or the like.Specifically, the control unit 402 includes a temporary issuance controlunit 4021 and a formal issuance control unit 4022 as functional units.

The temporary issuance control unit 4021 controls issuance of temporarykey information. Hereinafter, issuance of temporary key information isalso referred to as temporary issuance. The temporary issuance controlunit 4021 receives a temporary key information issuance request, forexample, from the pickup and delivery management server 500. Forexample, the temporary issuance control unit 4021 receives informationon baggage to be picked up and delivered and information on the userterminal 200 of a pickup and delivery user as an issuance destinationalong with the temporary key information issuance request. For example,identification information of baggage, identification information of arequest user, and a designated pickup and delivery date and time areincluded in the information on baggage to be picked up and delivered.

The temporary issuance control unit 4021 transmits temporary keyinformation to the user terminal 200 via the pickup and deliverymanagement server 500. For example, the temporary key informationincludes information indicating that it is temporary key information.The temporary issuance control unit 4021 also transmits identificationinformation of baggage, identification information of a request user,and information on a validity period of the temporary key informationalong with the temporary key information. When predetermined informationis used for short-range communication with the key unit 100, theinformation is transmitted along with the temporary key information orthe information is included in the temporary key information.

The validity period of the temporary key information is set to thedesignated pickup and delivery time period when a pickup and deliverytime period has been designated by the request user and to 24 hours froma business start of the scheduled pickup and delivery date when a pickupand delivery time period has not been designated by the request user.The temporary issuance control unit 4021 registers the information onbaggage for which the temporary key information has been issued and theinformation on the user terminal 200 of a pickup and delivery user whois scheduled to pick up and deliver the baggage in the issuance statusinformation table stored in the issuance status information DB 405. Thekey issuance status is registered as “during temporary issuance.”

When the temporary key information is issued, the temporary issuancecontrol unit 4021 transmits a temporary issuance notification to theuser terminal 50 of a request user. The temporary issuance notificationincludes information such as the identification information of thebaggage, the scheduled pickup and delivery date and time, the deliverycompany, and the pickup and delivery place. By transmitting thetemporary issuance notification to the user terminal 50 of a requestuser, the request user can be notified of a delivery schedule and, forexample, when a scheduled reception time period has changed, adesignated delivery time period or the like can be changed. At the timeof issuance of temporary key information, the temporary issuance controlunit 4021 may request the user terminal 50 of a request user to permittemporary issuance and issue the temporary key information when thetemporary issuance has been permitted.

The formal issuance control unit 4022 controls issuance of formal keyinformation. Issuance of formal key information is also referred to asformal issuance. Specifically, the formal issuance control unit 4022receives a formal key information issuance request from the userterminal 200 of a pickup and delivery user via the pickup and deliverymanagement server 500. For example, the formal issuance control unit4022 receives identification information of the user terminal 200 whichis an issuance request source and identification information of baggageto be picked up and delivered along with the formal key informationissuance request.

The formal issuance control unit 4022 determines whether formal keyinformation has been already issued to another user terminal 200 as forthe request user which is a target of the formal key informationissuance request. Whether formal key information has been already issuedto another user terminal 200 as for the request user which is a targetof the formal key information issuance request is acquired, for example,depending on whether there is a record in which the value of the fieldof request user ID coincides with the identification information of therequest user of the issuance status information DB 405 and in which thekey issuance status is “during formal issuance.”

When formal key information has not been already issued to another userterminal 200 as for the request user which is a target of the formal keyinformation issuance request, the formal issuance control unit 4022transmits formal key information which is authentication informationcorresponding to the key unit 100 (terminal authentication information)to the user terminal 200 as a request source via the pickup and deliverymanagement server 500. Along with the formal key information, forexample, information of a validity period of the formal key information,identification information of the request user, and identificationinformation of baggage are also transmitted. The validity period of theformal key information is set to a time ranging from 5 minutes to 30minutes after the formal key information has been issued from thecentral server 400 or after the user terminal 200 has received theformal key information. In this case, the formal issuance control unit4022 updates the key issuance status of a record which coincides withthe baggage ID of baggage to be picked up and delivered in the issuancestatus information DB 405 to “during formal issuance.”

When formal key information has been already issued to another userterminal 200 as for the request user which is a target of the formal keyinformation issuance request, the formal issuance control unit 4022causes the formal key information issuance request from the userterminal 200 as the request source to wait (suspends the request). Inthis case, the formal issuance control unit 4022 updates the keyissuance status of the record which coincides with the baggage ID ofbaggage to be picked up and delivered in the issuance status informationDB 405 to “during waiting for formal issuance.” The formal issuancecontrol unit 4022 may transmit a waiting notification to the userterminal 200 as the request source.

When ending of use of formal key information by the request user hasbeen detected, the formal issuance control unit 4022 determines whetherthere is a user terminal 200 during waiting for formal issuance as forthe request user after a predetermined time has elapsed from thedetection. When there is a user terminal 200 during waiting for formalissuance as for the request user having ended use of formal keyinformation, the formal issuance control unit 4022 transmits formal keyinformation to the user terminal 200 during waiting.

Ending of use of the formal key information by the request user of theuser terminal 200 is detected, for example, by expiration of thevalidity period of the formal key information or reception of a formalkey information return notification from the user terminal 200 via thepickup and delivery management server 500. For example, when anoperation of completing the pickup and delivery is input by the pickupand delivery user or when a short-range communication radio signal fromthe key unit 100 cannot be received with a predetermined receivingintensity of radio waves, the user terminal 200 transits the formal keyinformation return notification to the central server 400 via the pickupand delivery management server 500.

When ending of use of the formal key information for the request userhas been detected, the formal issuance control unit 4022 performs aformal key information invalidating process on the user terminal 200 ofwhich ending of use of the formal key information has been detectedafter a predetermined time has elapsed from the detection. The reasonwhy the invalidating process is not performed immediately after endingof use of the formal key information has been detected is that thevalidity of the locking function of the vehicle 10 is suspended in theuser terminal 200. Accordingly, for example, the user terminal 200 cantransmit a locking request to the vehicle 10 for a moment even when thevalidity period of the formal key information has expired, and can lockthe vehicle 10 even when the validity period of the formal keyinformation has expired in a state in which the pickup and delivery userforgot locking of the vehicle 10. When the formal key informationinvalidating process ends, the formal issuance control unit 4022 updatethe key issuance status of the record coinciding with the baggage ID ofbaggage to be picked up and delivered in the issuance status informationDB 405 to “during temporary key issuance.”

Details of the processes of invalidating temporary key information andformal key information which are performed by the temporary issuancecontrol unit 4021 and the formal issuance control unit 4022 are notparticularly limited as long as the pickup and delivery user cannot lockand unlock the vehicle 10 using the already issued authenticationinformation. Examples of the processes of invaliding temporary keyinformation and the formal key information are as follows. (1) Thecentral server 400 instructs the user terminal 200 to delete temporarykey information or the formal key information. (2) The central server400 instructs the user terminal 200 to set an invalidation flag oftemporary key information or formal key information. In this case, thecontrol unit 203 of the user terminal 200 needs to be configured suchthat authentication information included in the formal key informationof which the invalidation flag is set is not transmitted to the vehicle10 by short-range radio communication. (3) The central server 400instructs the user terminal 200 to rewrite the validity period includedin the temporary key information or the formal key information to a pastdate and time. (4) The central server 400 instructs the user terminal200 not to transmit the temporary key information or the formal keyinformation, which is invalid, to the vehicle 10.

One of the functional elements of the central server 400 or some of theprocesses thereof may be embodied by another computer connected to thenetwork N1. A sequence of processes which are performed by the centralserver 400 may be implemented in hardware or may be implemented insoftware.

Process Flow

FIG. 6 is a flowchart illustrating a temporary issuance control processwhich is performed by the central server 400. The temporary issuancecontrol process is a process associated with temporary key informationissuance control which is performed by the central server 400. Theprocess flow illustrated in FIG. 6 is performed, for example, atpredetermined time intervals. The execution entity of the process flowillustrated in FIG. 6 is the processor mounted in the central server400, but it is assumed that the temporary issuance control unit 4021which is a functional unit is used as an entity for the purpose ofconvenience. The process flow illustrated in FIG. 6 is a process flowwhich is performed on a single piece of baggage to be picked up anddelivered.

In S101, the temporary issuance control unit 4021 determines whether atemporary key information issuance request has been received from thepickup and delivery management server 500. Along with the temporary keyinformation issuance request, for example, information on baggage to bepicked up and delivered and information of the user terminal 200 of thepickup and delivery user as an issuance destination are also received.The process flow transitions to S102 when the determination result ofS101 is positive and the process flow transitions to S103 when thedetermination result is negative.

In S102, the temporary issuance control unit 4021 determines whether apickup and delivery day designated by the request user or a pickup anddelivery day scheduled by the pickup and delivery management server 500is the current day or a next business day. Information of the designatedpickup and delivery day or the scheduled pickup and delivery day forbaggage to be picked up and delivered is included, for example, inpickup and delivery information on target baggage which is transmittedfrom the pickup and delivery management server 500 along with thetemporary key information issuance request. When the determinationresult of S102 is positive, the process flow transitions to S103. Whenthe determination result of S102 is negative, temporary issuance for thetarget baggage is suspended and the process flow illustrated in FIG. 6ends. The temporary issuance control process on the baggage of whichtemporary issuance has been suspended is performed again, for example,on the next business day.

In S103, the temporary issuance control unit 4021 sets a validity periodof the temporary key information and transmits the temporary keyinformation to the user terminal 200. The validity period of thetemporary key information is set to a designated pickup and deliverytime period when the pickup and delivery time period is designated bythe request user and is set to 24 hours from the business start time ofthe scheduled pickup and delivery day when the pickup and delivery timeperiod is not designated by the request user. Along with the temporarykey information, for example, identification information of baggage,identification information of the request user, information of thevalidity period of the temporary key information, and predeterminedinformation which is used for short-range communication with the keyunit 100 are transmitted. The temporary issuance control unit 4021registers a record in the issuance status information table stored inthe issuance status information DB 405 for the baggage to be picked upand delivered of the pickup and delivery user of the user terminal 200as an issuance destination of the temporary key information. The fieldof key issuance status in the registered record is “during temporaryissuance.”

In S104, the temporary issuance control unit 4021 transmits a temporarykey information issuance notification to the user terminal 50 of therequest user via the pickup and delivery management server 500. In S105,the temporary issuance control unit 4021 determines whether a pickup anddelivery change request has been received from the user terminal 50 ofthe request user via the pickup and delivery management server 500. Theprocess flow transitions to S106 when the determination result of S105is positive. The process flow transitions to S107 when the determinationresult of S105 is negative.

In S106, the temporary issuance control unit 4021 performs a processbased on details of the pickup and delivery change request. For example,when the designated pickup and delivery time period has changed, thetemporary issuance control unit 4021 issues the temporary keyinformation with a designated time period after the change as a validityperiod and transmits the temporary key information to the user terminal200 of the corresponding pickup and delivery user. The user terminal 200having received the temporary key information updates the storedtemporary key information to the newly received temporary keyinformation. For example, when the designated pickup and delivery dayhas changed, the temporary issuance control unit 4021 performs thetemporary key information invalidating process on the user terminal 200of the pickup and delivery user who picks up and delivers thecorresponding baggage.

In S107, the temporary issuance control unit 4021 determines whether thevalidity period of the temporary key information has expired. Theprocess flow transitions to S108 when the determination result of S107is positive, and the process flow transitions to S105 when thedetermination result is negative.

In S108, since the validity period of the temporary key information hasexpired, the temporary issuance control unit 4021 performs the temporarykey information invalidating process. The temporary issuance controlunit 4021 deletes the record in the issuance status information tablestored in the issuance status information DB 405 for the target baggage.Thereafter, the process flow illustrated in FIG. 6 ends.

FIG. 7 is a flowchart illustrating a formal issuance control processwhich is performed by the central server 400. The formal issuancecontrol process is a process associated with formal key informationissuance control. The process flow illustrated in FIG. 7 is performed,for example, at predetermined time intervals. The execution entity ofthe process flow illustrated in FIG. 7 is the processor mounted in thecentral server 400, but it is assumed that the formal issuance controlunit 4022 which is a functional unit is used as an entity for thepurpose of convenience.

In S201, the formal issuance control unit 4022 determines whether aformal key information issuance request has been received from the userterminal 200 via the pickup and delivery management server 500. Alongwith the formal key information issuance request, for example,identification information of the user terminal 200 as an issuancerequest source and identification information of baggage to be picked upand delivered are also received. The process flow transitions to S202when the determination result of S201 is positive and the process flowillustrated in FIG. 7 ends when the determination result is negative.

In S202, the formal issuance control unit 4022 determines whether a timeremaining until the validity period of the temporary key informationissued to the user terminal 200 as a formal key information issuancerequest source is equal to or greater than α minutes. For example, thevalidity period of the temporary key information is the designated timeperiod when there is a time period designated by the request user and is24 hours from the business start time when there is not designated timeperiod. The process flow transitions to S203 when the determinationresult of S202 is positive, and the process flow illustrated in FIG. 7ends when the determination result is negative. That is, formal issuanceis not performed in a minutes before the validity period of thetemporary key information expires. Here, for example, a minutes is thesame length as the time length of the validity period (for example, 5 to30 minutes) of the formal key information. Accordingly, it is possibleto prevent the user terminal 200 from exclusively owning the formal keyinformation for the vehicle 10 over the validity period of the temporarykey information.

In S203, the formal issuance control unit 4022 determines whether theformal key information for the vehicle 10 has been issued to anotheruser terminal 200. Whether the formal key information for the vehicle 10has been already issued is acquired, for example, depending on whetherthere is a record in which the field of key issuance status is “duringformal issuance” among the records in which the value of the field ofrequest user ID coincides with identification information of the requestuser received along with the formal key information issuance request inthe issuance status information DB 405. The process flow transitions toS204 when the determination result of S203 is positive, and the processflow transitions to S205 when the determination result is negative.

In S204, since the formal key information for the vehicle 10 has beenissued to another user terminal 200, the formal issuance control unit4022 transmits a waiting notification to the user terminal 200 as theformal key information issuance request source via the pickup anddelivery management server 500. The formal issuance control unit 4022updates the field of key issuance status in the record corresponding tothe target baggage in the issuance status information DB 405 to “duringwaiting for formal issuance.” Thereafter, the process flow illustratedin FIG. 7 ends. For example, when formal key information is not issuedto the user terminal 200 even if a predetermined time has elapsed afterthe field of key issuance status has been updated to “during waiting forformal issuance,” the formal issuance control unit 4022 may return thefield of key issuance status to “during temporary issuance.”

In S205, the formal issuance control unit 4022 transmits the formal keyinformation with a validity period set to the user terminal 200 thereinvia the pickup and delivery management server 500. The validity periodof the formal key information is set, for example, to 5 minutes to 30minutes from issuance from the formal issuance control unit 4022 orreception by the user terminal 200.

In S206, the formal issuance control unit 4022 determines whether aformal key information return notification has been received from theuser terminal 200. The process flow transitions to S208 when thedetermination result of S206 is positive, and the process flowtransitions to S207 when the determination result is negative.

In S207, the formal issuance control unit 4022 determines whether thevalidity period of the formal key information issued to the userterminal 200 has expired. The process flow transitions to S208 when thedetermination result of S207 is positive, and the process flowtransitions to S206 when the determination result is negative.

In S208, since a formal key information return notification has beenreceived from the user terminal 200 or the validity period of the formalkey information issued to the user terminal 200 has expired, that is,ending of use of the formal key information has been detected, theformal issuance control unit 4022 determines whether an unlockinginvalidation period which is started after ending of use of the formalkey information has been detected has expired. The unlockinginvalidation period is a period in which the user terminal 200 can lockthe vehicle 10 but cannot unlock the vehicle 10. The unlockinginvalidation period ranges, for example, from 5 minutes to 15 minutes.The process flow transitions to S209 when the determination result ofS208 is positive, and the process of S208 is repeatedly performed whenthe determination result is negative.

In S209, the formal issuance control unit 4022 performs a process ofinvalidating the formal key information issued to the user terminal 200.The formal issuance control unit 4022 updates the field of key issuancestatus in the record corresponding to the baggage to be picked up anddelivered of the user terminal 200 in the issuance status information DB405 to “during temporary issuance.”

In S210, the formal issuance control unit 4022 determines whether thereis another user terminal 200 during waiting for formal issuance for thevehicle 10. Whether there is another user terminal 200 during waitingfor formal issuance for the vehicle 10 is acquired, for example,depending on whether there is a record in which the field of keyissuance status is “during waiting for formal issuance” among therecords of which the value of the field of request user ID matches therecord corresponding to the baggage to be picked up and delivered of theuser terminal 200 on which the formal key information invalidatingprocess has performed in S209 in the issuance status information DB 405.

When the determination result of S210 is positive, the process flowtransitions to S204 and the formal key information is issued to anotheruser terminal 200 during waiting for issuance of the formal keyinformation. When there is a plurality of user terminals 200 duringwaiting for issuance of the formal key information, for example, theformal key information may be issued to a user terminal 200 having alongest waiting time or the formal key information may be issued to auser terminal having a smallest time remaining until the validity periodof the temporary key information expires. When there is a plurality ofuser terminals 200 during waiting for issuance of the formal keyinformation, the method of selecting a user terminal 200 to which theformal key information is issued is not limited thereto. When thedetermination result of S210 is negative, the process flow illustratedin FIG. 7 ends.

FIG. 8 is a flowchart illustrating a process flow of a temporary keymanaging process which is performed by a user terminal 200 of a pickupand delivery user. The temporary key managing process is a processassociated with management of the temporary key information in the userterminal 200. The process flow illustrated in FIG. 8 is performed, forexample, at predetermined time intervals. The execution entity of theprocess flow illustrated in FIG. 8 is a computer corresponding to thecontrol unit 203 of the user terminal 200 or a CPU mounted in thecomputer, but it is assumed that the authentication information managingunit 2031 which is a functional unit is used as an entity for thepurpose of convenience.

In S301, the authentication information managing unit 2031 determineswhether temporary key information has been received from the centralserver 400 via the pickup and delivery management server 500. Theprocess flow transitions to S302 when the determination result of S301is positive, and the process flow illustrated in FIG. 8 ends when thedetermination result is negative. In S302, the authenticationinformation managing unit 2031 stores the received temporary keyinformation in storage means provided in the control unit 203.

In S303, the authentication information managing unit 2031 determines aninstruction to invalidate the temporary key information received in S301has been received from the central server 400 via the pickup anddelivery management server 500. When the determination result of S303 ispositive, the process flow transitions to S304. When the determinationresult of S303 is negative, the process flow returns to S202. Forexample, when the validity period of the temporary key information hasexpired, the instruction to invalidate the temporary key information istransmitted from the central server 400.

In S304, the authentication information managing unit 2031 performs atemporary key information invalidating process. For example, thetemporary key information invalidating process is a process of deletingthe temporary key information from the storage means, setting up aninvalidation flag for the temporary key information, or rewriting thevalidity period of the temporary key information to a past date andtime. Thereafter, the process flow illustrated in FIG. 8 ends.

FIG. 9 is a flowchart illustrating a process flow of a formal keymanaging process which is performed by a user terminal 200 of a pickupand delivery user. The formal key managing process is a processassociated with management of the formal key information in the userterminal 200. The process flow illustrated in FIG. 9 is performed, forexample, at predetermined time intervals. The execution entity of theprocess flow illustrated in FIG. 9 is a computer corresponding to thecontrol unit 203 of the user terminal 200 or a CPU mounted in thecomputer, but it is assumed that the authentication information managingunit 2031 which is a functional unit is used as an entity for thepurpose of convenience.

In S401, the authentication information managing unit 2031 determineswhether the short-range communication unit 201 has been connected to thekey unit 100 of the vehicle 10 by short-range communication. The processflow transitions to S402 when the determination result of S401 ispositive, and the process flow illustrated in FIG. 9 ends when thedetermination result is negative. Information which is used forconnection to the key unit 100 of the vehicle 10 by short-rangecommunication is transmitted along with the temporary key information.Accordingly, in the first embodiment, the user terminal 200 notincluding the temporary key information for the vehicle 10 cannot beconnected to the key unit 100 of the vehicle 10 by short-rangecommunication and thus cannot issue a formal key information issuancerequest. That is, in order for the user terminal 200 to issue the formalkey information issuance request, it is necessary to include thetemporary key information.

In S402, the authentication information managing unit 2031 transmits aformal key information issuance request to the central server 400 viathe pickup and delivery management server 500. Along with the formal keyinformation issuance request, for example, identification information ofthe user terminal 200 as an issuance request source and identificationinformation of baggage to be picked up and delivered are alsotransmitted. In S403, the authentication information managing unit 2031determines whether the formal key information has been received from thecentral server 400 via the pickup and delivery management server 500.The process flow transitions to S406 when the determination result ofS403 is positive, and the process flow transitions to S404 when thedetermination result is negative.

In S404, the authentication information managing unit 2031 determineswhether short-range communication with the key unit 100 of the vehicle10 has been cut off. When the determination result of S404 is positive,the process flow illustrated in FIG. 9 ends. When the determinationresult of S404 is negative, the process flow transitions to S405. InS405, the authentication information managing unit 2031 determineswhether a predetermined time has elapsed from transmission of the formalkey information issuance request. The predetermined time in S405 is, forexample, the same length as the validity period of the formal keyinformation and ranges from 5 minutes to 30 minutes. When thedetermination result of S405 is positive, the process flow illustratedin FIG. 9 ends. When the determination result of S405 is negative, theprocess flow transitions to S403. That is, when the short-rangecommunication has been cut off or the predetermined time has elapsedfrom transmission of the formal key information issuance request withoutreceiving the formal key information, the process flow illustrated inFIG. 9 ends.

The processes of S406 to S412 are processes when the formal keyinformation has been received. In S406, the authentication informationmanaging unit 2031 determines whether short-range communication with thekey unit 100 of the vehicle 10 has cut off. The process flow transitionsto S408 when the determination result of S406 is positive, and theprocess flow transitions to S407 when the determination result isnegative.

In S407, the authentication information managing unit 2031 determineswhether a formal key information returning operation has been input fromthe input and output unit 204. The formal key information returningoperation is, for example, an operation input for completion of pickupand delivery of baggage. The process flow transitions to S408 when thedetermination result of S407 is positive, and the process flowtransitions to S409 when the determination result is negative.

In S408, since the short-range communication with the key unit 100 ofthe vehicle 10 has been cut off or the formal key information returningoperation has been input, the authentication information managing unit2031 transmits a formal key information return notification to thecentral server 400 via the pickup and delivery management server 500.

In S409, the authentication information managing unit 2031 determineswhether the validity period of the formal key information has expired.The process flow transitions to S410 when the determination result ofS409 is positive, and the process flow transitions to S406 when thedetermination result is negative.

In S410, the authentication information managing unit 2031 invalidatesan unlocking operation on the vehicle 10. A locking operation on thevehicle 10 is kept valid. Specifically, the authentication informationmanaging unit 2031 notifies the locking/unlocking control unit 2032 ofinvalidation of the unlocking operation, and the locking/unlockingcontrol unit 2032 invalidates the unlocking operation even when theunlocking operation on the vehicle 10 is input from the input and outputunit 204.

In S411, the authentication information managing unit 2031 determineswhether a formal key information invalidation instruction has beenreceived from the central server 400 via the pickup and deliverymanagement server 500. When the determination result of S411 ispositive, the process flow transitions to S412. When the determinationresult of S411 is negative, the process flow returns to S411. Forexample, when the unlocking invalidation period (see FIG. 7) hasexpired, the formal key information invalidation instruction istransmitted from the central server 400.

In S412, the authentication information managing unit 2031 performs aformal key information invalidating process. The formal key informationinvalidating process is, for example, a process of deleting the formalkey information from the storage means, setting up an invalidation flagfor the formal key information, rewriting the validity period of theformal key information to a past date and time, or not transmittingterminal authentication information included in the formal keyinformation to the vehicle 10. Thereafter, the process flow illustratedin FIG. 9 ends.

Specific Example

FIGS. 10A and 10B are diagrams illustrating an example of a processsequence in a specific example of authentication information issuancecontrol in the central server 400. In FIGS. 10A and 10B, a case in whichrequest users transmit pickup and delivery requests to a pickup anddelivery management server 500A and a pickup and delivery managementserver 500B using terminals 50 and a pickup and delivery user A and apickup and delivery user B pick and deliver baggage of which pickup anddelivery are requested by the request users is illustrated. In theexample illustrated in FIGS. 10A and 10B, it is assumed that a pickupand delivery time period is not designated and the pickup and deliveryuser A and the pickup and delivery user B belong to different deliverycompanies.

In S11, the central server 400 receives temporary key informationissuance requests for target baggage from the pickup and deliverymanagement server 500A and the pickup and delivery management server500B and issues temporary key information to the user terminals 200 ofthe pickup and delivery user A and the pickup and delivery user B (S101to S103 in FIG. 6). In S12, the user terminal 200A of the pickup anddelivery user A receives temporary key information for a vehicle 10 fromthe central server 400 via the pickup and delivery management server500A. In S13, the user terminal 200B of the pickup and delivery user Breceives temporary key information for the vehicle 10 from the centralserver 400 via the pickup and delivery management server 500B. Althoughnot illustrated, temporary key information issuance notificationscorresponding to S12 and S13 are transmitted to a user terminal 50 of arequest user from the central server 400.

The processes of S21 and subsequent thereto are processes on a scheduleddelivery day. In S21, the pickup and delivery user A reaches an area inwhich short-range communication with the vehicle 10 is possible, theuser terminal 200A of the pickup and delivery user A is connected to thekey unit 100 of the vehicle 10 by short-range communication, forexample, using information received along with the temporary keyinformation (YES in S401 in FIG. 9). In S22, the user terminal 200A ofthe pickup and delivery user A transmits a formal key informationissuance request to the central server 400 via the pickup and deliverymanagement server 500A (S402 in FIG. 9).

In S23, since formal key information for the vehicle 10 has not beenissued to any user terminal 200, the central server 400 transmits formalkey information to the user terminal 200A of the pickup and deliveryuser A via the pickup and delivery management server 500A (NO in S203and S205 in FIG. 7).

In S24, the user terminal 200A of the pickup and delivery user Areceives the formal key information for the vehicle 10 from the centralserver 400 via the pickup and delivery management server 500A (YES inS403 in FIG. 9). When the formal key information transmitted from thecentral server 400 is received by the user terminal 200A in this way, anoperation of locking and unlocking a cargo compartment of the vehicle 10can be performed using the user terminal 200A.

The processes of S31 to S34 are processes when the pickup and deliveryuser A reaches the vehicle 10 within the validity period of the formalkey information and picks up and delivers target baggage. In S31, whenthe pickup and delivery user A performs an operation of unlocking thevehicle 10 via the input and output unit 204 of the user terminal 200A,the user terminal 200A transmits an unlocking request includingauthentication information to the key unit 100. In S32, the key unit 100receives an unlocking request transmitted from the user terminal 200A ofthe pickup and delivery user A and performs an authentication process bycomparing authentication information (terminal authenticationinformation (formal key information)) included in the unlocking requestwith authentication information (device authentication information)stored in the storage unit 1041.

In S33, when authentication using both pieces of authenticationinformation has succeeded, the key unit 100 transmits an unlockingsignal and a key ID to the locking/unlocking device 300. In S34, thelocking/unlocking device 300 receives the unlocking signal and the keyID transmitted from the key unit 100, performs an authentication processbased on the received key ID, and unlocks the cargo compartment of thevehicle 10 when the authentication has succeeded. At this time, thelocking/unlocking device 300 may return an answerback or the like to thekey unit 100.

The processes of S31 to S34 are performed in the vehicle 10. On theother hand, in S41, the pickup and delivery user B reaches an area inwhich short-range communication with the vehicle 10 is possible and theuser terminal 200B of the pickup and delivery user B is connected to thekey unit 100 of the vehicle 10 by short-range communication usinginformation which is received along with the temporary key information(YES in S401 in FIG. 9). In S42, the user terminal 200B of the pickupand delivery user B transmits a formal key information issuance requestto the central server 400 via the pickup and delivery management server500B (S402 in FIG. 9).

In S43, since formal key information for the vehicle 10 has been alreadyissued to the user terminal 200A of the pickup and delivery user A (YESin S203 in FIG. 7), the central server 400 transmits a waitingnotification to the user terminal 200B of the pickup and delivery user Bvia the pickup and delivery management server 500B (S204 in FIG. 7).

In S51 in FIG. 10B, when the pickup and delivery user A completes pickupand delivery of baggage in the vehicle 10, closes the cargo compartmentdoor through an unlocking process, and performs an operation of lockingthe vehicle 10 via the input and output unit 204 of the user terminal200A, the user terminal 200A transmits a locking request includingauthentication information to the key unit 100. In S52, the key unit 100receives the locking request transmitted from the user terminal 200A andperforms an authentication process by comparing the authenticationinformation (terminal authentication information (formal keyinformation)) included in the locking request transmitted from the userterminal 200A with authentication information (device authenticationinformation) stored in the storage unit 1041.

In S53, when authentication using both pieces of authenticationinformation has succeeded, the key unit 100 transmits a locking signaland a key ID to the locking/unlocking device 300. In S54, thelocking/unlocking device 300 receives the locking signal and the key IDtransmitted from the key unit 100 and performs an authentication processbased on the received key ID. As a result, when the authentication hassucceeded, the cargo compartment door of the vehicle 10 is locked. InS35, the key unit 100 transmits a notification indicating that lockinghas been completed (a locking notification) to the user terminal 200.Accordingly, for example, a message indicating that locking has beencompleted is output onto a touch panel screen of the user terminal 200A.

In S61, when the pickup and delivery user A confirms that pickup anddelivery of baggage has been completed through the locking notificationdisplayed on the touch panel screen, the pickup and delivery user Ainputs a latest pickup and delivery status, that is, a status indicatingthat pickup and delivery has completed, via the input and output unit204 of the user terminal 200A in order to update the pickup and deliverystatus in pickup and delivery information stored in the pickup anddelivery management server 500A. In S62, the user terminal 200A of thepickup and delivery user A transmits the latest pickup and deliverystatus to the pickup and delivery management server 500A. In S63, thepickup and delivery management server 500A having received the latestpickup and delivery status updates the pickup and delivery information.In updating the pickup and delivery status, instead of causing thepickup and delivery user to input the information, when the userterminal 200A receives a locking notification from the key unit 100 inthe process of S55, the user terminal 200A may transmit an updatecommand to the pickup and delivery management server 500 such that thepickup and delivery status is completion of pickup and delivery withoutrequiring an input from the pickup and delivery user.

In S64, the user terminal 200A of the pickup and delivery user Areceives a status of completion of pickup and delivery in S61 andtransmits a formal key information return notification to the centralserver 400 via the pickup and delivery management server 500A (YES inS407 and S408 in FIG. 9). In S65, the central server 400 receives theformal key information return notification from the user terminal 200Aof the pickup and delivery user A, starts an unlocking invalidationperiod, and waits until the unlocking invalidation period expires.

In S66, the unlocking invalidation period expires and the central server400 performs a formal key information invalidating process (YES in S208and S209 in FIG. 7). In S67, the central server 400 transmits a formalkey information invalidation instruction to the user terminal 200A ofthe pickup and delivery user A via the pickup and delivery managementserver 500A. In S68, the user terminal 200A of the pickup and deliveryuser A receives the formal key information invalidation instruction andperforms the formal key information invalidating process (YES in S411and S412 in FIG. 9).

In S71, since exclusive owning of the formal key information for thevehicle 10 by the user terminal 200A of the pickup and delivery user Ahas expired, the central server 400 issues the formal key informationfor the vehicle 10 to the user terminal 200B of the pickup and deliveryuser B during waiting for formal issuance (YES in S210 and S205 in FIG.7). In S72, the user terminal 200B of the pickup and delivery user Breceives the formal key information for the vehicle 10 from the centralserver 400 via the pickup and delivery management server 500B (YES inS403 in FIG. 9). Thereafter, as in S31 to S34 and S51 to S55 illustratedin FIG. 10A, when the pickup and delivery user B arrives at the vehicle10, locking and unlocking of the cargo compartment of the vehicle 10 isperformed by causing the pickup and delivery user B to operate the userterminal 200B, and pickup and delivery of baggage is performed.

Operational Advantages of First Embodiment

In the first embodiment, temporary key information is issued to a userterminal 200 in advance on a scheduled delivery day, and formal keyinformation is issued to the user terminal 200 when the user terminal200 to which the temporary key information has been issued is connectedto the vehicle 10 by short-range communication, that is, when thedistance between the user terminal 200 and the vehicle 10 becomes adistance at which short-range communication therebetween is possible.However, when formal key information for the vehicle 10 has been alreadyissued to another user terminal 200, formal key information for thevehicle 10 is issued to the user terminal 200 after ending of use of theformal key information by the other user terminal 200 has been detected.

Accordingly, according to the first embodiment, a user terminal 200 towhich temporary key information has not been issued cannot acquireformal key information, and a user terminal 200 which earlier approachesthe vehicle 10 among a plurality of user terminals 200 to whichtemporary key information has been issued can exclusively own the formalkey information for about 5 minutes to 30 minutes. Accordingly, as longas the temporary key information has been issued to a user terminal 200,the user terminal 200 can acquire formal key information at a time atwhich it approaches the vehicle 10 without being temporally restricted,and temporal restriction to pickup and delivery of a pickup and deliveryuser is reduced.

By issuing temporary key information to a plurality of user terminals200, pickup and delivery users of the plurality of user terminals 200can access the cargo compartment of the vehicle 10 in a single pickupand delivery time period, and a request user can designate one pickupand delivery time period and give a plurality of pickup and deliveryrequests.

When the distance between a user terminal 200 and the vehicle 10 becomesa distance at which short-range communication is possible and formal keyinformation for the vehicle 10 has been issued to another user terminal200, the user terminal 200 can acquire formal key information for thevehicle 10 by waiting for ending of use of formal key information by theother user terminal 200. In the specific example illustrated in FIGS.10A and 10B, for example, when 5 minutes is required for pickup anddelivery in the vehicle 10 and the unlocking invalidation period is setto 5 minutes, the time from S21 to S68 in which the user terminal 200Aexclusively owns the formal key information for the vehicle 10 is 10minutes at most. That is, in the specific example illustrated in FIGS.10A and 10B, even when accesses of the user terminal 200A and the userterminal 200B to the vehicle 10 overlap, the user terminal 200B canaccess the vehicle 10 at most 10 minutes after. A validity period of 5minutes to 30 minutes is provided in the formal key information and useof the formal key information is considered to end when the validityperiod has expired. That is, according to the first embodiment, it ispossible to reduce the time in which one user terminal 200 exclusivelyowns formal key information for the vehicle 10 and to improve a degreeof freedom in pickup and delivery in the vehicle 10 by a plurality ofpickup and delivery users. Accordingly, for example, a request user candesignate pickup and delivery in the vehicle 10 for a plurality ofpickup and delivery users in a time period from 12:00 to 14:00.

According to the first embodiment, an unlocking invalidation period isset after ending of use of the formal key information by the userterminal 200 has been detected. Accordingly, in the unlockinginvalidation period, the user terminal 200 can continuously own theformal key information and cannot unlock the cargo compartment of thevehicle 10 but lock the cargo compartment. For example, when thevalidity period of the formal key information has expired in a state inwhich the cargo compartment of the vehicle 10 is unlocked for pickup anddelivery of baggage, the pickup and delivery user can lock the cargocompartment of the vehicle in the unlocking invalidation period and thusit is possible to maintain security of the vehicle 10.

In the first embodiment, information which is used for short-rangecommunication with the key unit 100 of the vehicle 10 is transmitted tothe user terminal 200 along with temporary key information. A validityperiod on a scheduled pickup and delivery date is provided in thetemporary key information. Accordingly, it is possible to limit a timein which a user terminal 200 of a pickup and delivery user can accessthe vehicle 10 by short-range communication and to maintain security.

Modified Example of First Embodiment

In the first embodiment, for example, when baggage arrives at a deliverycenter or when a pickup and delivery request has been received from auser terminal 50 of a request user, a temporary key information issuancerequest is transmitted and temporary key information is issued, andformal key information is issued with connection of a user terminal 200of a pickup and delivery user to the key unit 100 of the vehicle 10 byshort-range communication as a trigger. Instead, in a modified example,temporary key information and formal key information are issued based onposition information of the user terminal 200 of the pickup and deliveryuser and position information of the vehicle 10. In the firstembodiment, the validity period of temporary key information is arelatively long time which is 24 hours from a business start time of thescheduled delivery date when the request user has not designated thepickup and delivery time period, but is set to 1 hour to 2 hours afterthe temporary key information has been issued in this modified example.

The position information of the user terminal 200 of the pickup anddelivery user can be acquired, for example, by mounting a sensor thatcan acquire position information such as a global positioning system(GPS) in the user terminal 200. The position of the vehicle 10 ismanaged by the pickup and delivery management server 500 (see FIG. 4).In this embodiment, the user terminal 200 of the pickup and deliveryuser transmits position information to the central server 400 via thepickup and delivery management server 500 at predetermined intervals.The central server 400 issues temporary key information or formal keyinformation based on the position information received from the userterminal 200 of the pickup and delivery user and the positioninformation of the vehicle 10.

FIG. 11 is a flowchart illustrating a process flow of a temporaryissuance control process which is performed by the central server 400 inthis embodiment. In FIG. 11, the same processes as in the temporaryissuance control process illustrated in FIG. 6 according to the firstembodiment will be referred to by the same reference signs anddescription thereof will not be repeated.

In S501, the temporary issuance control unit 4021 determines whether adistance between the vehicle 10 and a user terminal 200 of a pickup anddelivery user is less than a first distance based on the positioninformation of the user terminal 200 of the pickup and delivery user.The first distance is set, for example, to 500 m to 1 km. The processflow transitions to S502 when the determination result of S501 ispositive, and the process flow illustrated in FIG. 11 ends when thedetermination result is negative.

In S502, the temporary issuance control unit 4021 determines whether thecurrent time is within a designated pickup and delivery time period ofbaggage to be picked up and delivered by the pickup and delivery user ofthe user terminal 200. When a pickup and delivery time period is notdesignated, the determination result of S502 is positive. The processflow transitions to S503 when the determination result of S502 ispositive, and the process flow illustrated in FIG. 11 ends when thedetermination result is negative.

In S503, the temporary issuance control unit 4021 sets a validity periodof temporary key information and transmits the temporary key informationto the user terminal 200. The validity period of the temporary keyinformation is set, for example, to 1 hour to 2 hours. The subsequentprocesses of S104 to S108 are the same as the processes of S104 to S108illustrated in FIG. 6 and the temporary key information is invalidatedwhen the validity period expires.

FIG. 12 is a flowchart illustrating a process flow of a formal issuancecontrol process which is performed by the central server 400 accordingto this modified example. In FIG. 12, the same processes as in theformal issuance control process illustrated in FIG. 7 according to thefirst embodiment will be referred to by the same reference signs anddescription thereof will not be repeated.

In S601, the formal issuance control unit 4022 determines whether adistance between a vehicle 10 and a user terminal 200 of a pickup anddelivery user is less than a second distance based on positioninformation of the user terminal 200 of the pickup and delivery user.The second distance is a distance less than the first distance and isset, for example, to 0 m to 10 m. The process flow transitions to S602when the determination result of S601 is positive, and the process flowillustrated in FIG. 12 ends when the determination result is negative.

In S602, the formal issuance control unit 4022 determines whethertemporary key information for the vehicle 10 is maintained. The processflow transitions to S202 when the determination result of S602 ispositive, and the process flow illustrated in FIG. 12 ends when thedetermination result is negative. Thereafter, the processes of S202 toS210 are the same as the processes of S202 to S210 in FIG. 7, and theformal key information is invalidated when the unlocking invalidationperiod elapses after a formal key information return notification isreceived and the validity period expires.

According to this modified example, temporary key information is issuedto a user terminal 200 of a pickup and delivery user when the pickup anddelivery user enters an area within the first distance from the vehicle10, and formal key information is issued to the user terminal 200 whenthe pickup and delivery user approaches the vehicle 10 and enters anarea within the second distance from the vehicle 10. When informationwhich is used for short-range communication with the key unit 100 of thevehicle 10 is transmitted along with the temporary key information, thetime in which the user terminal 200 of the pickup and delivery usermaintains the information can be reduced and thus it is possible toenhance security.

In this modified example, the central server 400 performs the process ofdetermining a distance between a vehicle 10 and a user terminal 200 of apickup and delivery user (S501 in FIG. 11 and S601 in FIG. 12), but anapplicable embodiment of the present disclosure is not limited thereto.For example, the process of determining a distance between a vehicle 10and a user terminal 200 of a pickup and delivery user (S501 in FIG. 11and S601 in FIG. 12) may be performed by the user terminal 200. The userterminal 200 acquires position information of the vehicle 10 usingdelivery schedule information or the like. In this case, when it isdetermined that the distance between the vehicle 10 and the userterminal 200 is less than the first distance, the user terminal 200transmits a temporary key information issuance request to the centralserver 400 via the pickup and delivery management server 500. In thiscase, when the distance between the vehicle 10 and the user terminal 200is less than the second distance, the user terminal 200 transmits aformal key information issuance request to the central server 400 viathe pickup and delivery management server 500.

Others

For example, temporary key information may be issued before businessstart of a scheduled pickup and delivery date or during a business houras in the first embodiment, and formal key information may be issuedwhen the distance between the vehicle 10 and the user terminal 200 isless than the second distance as in the modified example. Alternatively,temporary key information may be issued when the distance between thevehicle 10 and the user terminal 200 is less than the first distance asin the second embodiment and formal key information may be issued whenthe user terminal 200 is connected to the key unit 100 of the vehicle 10by short-range communication as in the first embodiment.

In the above-mentioned embodiment, when the user terminal 200 hasreturned the formal key information or when the validity period of theformal key information has expired, the user terminal 200 setsinvalidation of an unlocking operation of the user terminal 200.Instead, when the central server 400 has received a formal keyinformation return notification from the user terminal 200 or when thevalidity period of the formal key information has expired, the centralserver 400 may instruct the user terminal 200 to invalidate theunlocking operation.

In the above-mentioned embodiment, an upper limit is not set for thenumber of issued pieces of temporary key information for the vehicle 10,but an upper limit may be set for the number of issued pieces oftemporary key information for the vehicle 10. The upper limit of thenumber of issued pieces of temporary key information may be set, forexample, every day or ever hour. Accordingly, it is possible to limitthe number of pickup and delivery users who can access the vehicle 10.

In the above-mentioned embodiment, an example in which the vehicle 10 isunlocked by the locking/unlocking device 300 when the authenticationprocess in the key unit 100 has succeeded has been described above, butthe locking/unlocking device 300 may perform the process in the key unit100. That is, the locking/unlocking device 300 may include a controlunit (ECU) for authenticating authentication information received fromthe user terminal 200, and the control unit may transmit an unlockingcommand or a locking command to the body ECU 304 via an onboard networksuch as a CAN when authentication of the user terminal 200 hassucceeded. Accordingly, it is possible to enable pickup and delivery ofbaggage in the cargo compartment of the vehicle 10 with a simpleconfiguration without installing the key unit 100.

In the above-mentioned embodiment, the user terminal 200 receivesauthentication information from the central server 400, alocking/unlocking signal is transmitted from the key unit 100 to thelocking/unlocking device 300 when the user terminal 200 is authenticatedby the key unit 100 based on the received authentication information,and the vehicle 10 is locked/unlocked. Instead, the authenticationinformation may include information of a key ID for locking/unlockingthe vehicle 10, not information for authenticating the user terminal200.

In this case, the user terminal 200 receives authentication informationincluding a key ID for locking/unlocking the vehicle 10 from the centralserver 400 via the pickup and delivery management server 500, andtransmits the received key ID along with a locking/unlocking signal tothe locking/unlocking device 300. The locking/unlocking device 300compares the received key ID with a key ID stored in advance in thelocking/unlocking device 300 and locks/unlocks the vehicle 10 when bothkey IDs coincide with each other. The key ID is transmitted and receivedin an encrypted state between the user terminal 200 and the centralserver 400 or the locking/unlocking device 300. The formal issuancecontrol unit 4022 of the central server 400 may generate a one-time key,for example, by encrypting the key ID along with time information usinga predetermined algorithm. The locking/unlocking device 300 decrypts thereceived one-time key using the same algorithm as in the central server400 and compares the decrypted one-time key with the key ID stored inadvance in the locking/unlocking device 300.

By including the one-time key generated from the key ID and the timeinformation in the authentication information, the central server 400can generate authentication information which is temporarily valid foreach issuance request and transmit the generated authenticationinformation to the user terminal 200.

In the above-mentioned embodiment, a system in which a vehicle 10 isused as a pickup and delivery place and authentication information forlocking and unlocking the vehicle 10 is issued has been described above,but the application of the technique described in the embodiment is notlimited thereto. For example, when an unmanned facility such as agarage, a warehouse, a safe, or a locker is configured to be lockableand unlockable using authentication information, the technique describedin the embodiment may be applied to a system in which the facility isused as a pickup and delivery place and authentication informationcorresponding to the facility is issued. The facility is not limited toan unmanned facility but, for example, home or a work place of a requestuser may be included in the facility.

Recording Medium

A program causing a computer or other machine or device (hereinafterreferred to as a computer or the like) to execute the above-mentionedissuance control can be recorded on a computer-readable recordingmedium. By causing the computer or the like to read and execute theprogram of the recording medium, the computer or the like can serves asthe central server 400.

Here, a recording medium which can be read by a computer or the likerefers to a non-transitory recording medium which can store informationsuch as data or programs in an electrical, magnetic, optical,mechanical, or chemical action and be read by the computer or the like.Examples of the recording medium which can be detached from the computeror the like include a flexible disk, a magneto-optical disk, a CD-ROM, aCD-R/W, a DVD, a Blu-ray Disc, a DAT, a 8 mm tape, and a memory cardsuch as a flash memory. Examples of the recording medium which is fixedto the computer or the like include a hard disk and a read only memory(ROM). A solid state drive (SSD) can be used as a recording medium whichcan be detached from the computer or the like and can also be used as arecording medium which is fixed to the computer or the like.

What is claimed is:
 1. An authentication information control system thatcontrols a user's access to a predetermined area in a vehicle or afacility in which baggage is accommodated and which is lockable andunlockable through a locking/unlocking process using a locking/unlockingcontrol device by issuing predetermined authentication information forenabling the locking/unlocking process using the locking/unlockingcontrol device to a user terminal of the user, the authenticationinformation control system comprising a control unit wherein: thecontrol unit is configured to issue temporary authentication informationfor disabling the locking/unlocking process using the locking/unlockingcontrol device to a user terminal satisfying a first condition, and thecontrol unit is configured to determine whether first authenticationinformation has been issued to another user terminal when a distancebetween the user terminal to which the temporary authenticationinformation has been issued and the vehicle or the facility becomes lessthan a first distance, to issue second authentication information to theuser terminal to which the temporary authentication information has beenissued when the first authentication information has not been issued toanother user terminal, and to issue the second authenticationinformation to the user terminal to which the temporary authenticationinformation has been issued with detection of ending of use of the firstauthentication information in another user terminal as a trigger whenthe first authentication information has been issued to the other userterminal.
 2. The authentication information control system according toclaim 1, wherein the control unit is configured not to perform a processof invalidating the second authentication information on the userterminal until a predetermined time elapses after ending of use of thesecond authentication information in the user terminal has beendetected.
 3. The authentication information control system according toclaim 2, wherein the user terminal invalidates an unlocking processusing the locking/unlocking control device and validates a lockingprocess in a period of time from detection of ending of use of thesecond authentication information in the user terminal to execution ofthe process of invalidating the second authentication information. 4.The authentication information control system according to claim 1,wherein the control unit is configured to set a validity period of thesecond authentication information at the same time as issuing the secondauthentication information to the user terminal and to detect ending ofuse of the second authentication information in the user terminal whenthe validity period expires.
 5. The authentication information controlsystem according to claim 1, wherein: the control unit is configured toset a validity period of the temporary authentication information at thesame time as issuing the temporary authentication information; and thecontrol unit is configured to determine whether a time remaining untilthe validity period of the temporary authentication information expiresis less than a predetermined time length when the distance between theuser terminal to which the temporary authentication information has beenissued and the vehicle or the facility becomes less than the firstdistance, and not to issue the second authentication information to theuser terminal when the remaining time is less than the predeterminedtime length.
 6. An authentication information control method ofcontrolling a user's access to a predetermined area in a vehicle or afacility in which baggage is accommodated and which is lockable andunlockable through a locking/unlocking process using a locking/unlockingcontrol device by issuing predetermined authentication information forenabling the locking/unlocking process using the locking/unlockingcontrol device to a user terminal of the user, the authenticationinformation control method comprising: issuing temporary authenticationinformation for disabling the locking/unlocking process using thelocking/unlocking control device to a user terminal satisfying a firstcondition; determining whether first authentication information has beenissued to another user terminal when a distance between the userterminal to which the temporary authentication information has beenissued and the vehicle or the facility becomes less than a firstdistance; and issuing second authentication information to the userterminal to which the temporary authentication information has beenissued when the first authentication information has not been issued toanother user terminal, and issuing the second authentication informationto the user terminal to which the temporary authentication informationhas been issued with detection of ending of use of the firstauthentication information in another user terminal as a trigger whenthe first authentication information has been issued to the other userterminal.
 7. A non-transitory computer readable medium storing a programfor controlling a user's access to a predetermined area in a vehicle ora facility in which baggage is accommodated and which is lockable andunlockable through a locking/unlocking process using a locking/unlockingcontrol device by issuing predetermined authentication information forenabling the locking/unlocking process using the locking/unlockingcontrol device to a user terminal of the user, the program causing acomputer to perform a method, the method comprising: issuing temporaryauthentication information for disabling the locking/unlocking processusing the locking/unlocking control device to a user terminal satisfyinga first condition; determining whether first authentication informationhas been issued to another user terminal when a distance between theuser terminal to which the temporary authentication information has beenissued and the vehicle or the facility becomes less than a firstdistance; and issuing second authentication information to the userterminal to which the temporary authentication information has beenissued when the first authentication information has not been issued toanother user terminal, and issuing the second authentication informationto the user terminal to which the temporary authentication informationhas been issued with detection of ending of use of the firstauthentication information in another user terminal as a trigger whenthe first authentication information has been issued to the other userterminal.